Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

updating eval() #23

Closed
wants to merge 2 commits into from

4 participants

@ehynds

No description provided.

@addyosmani

@paulirish could we merge this?

@paulirish
Owner

i want to but its out of date. eric can you rebaseline?

@Garbee
Collaborator

I just tired to do a conflict resolution locally. It worked but there were numerous differences between them. I think the best route will be to look at the individual diffs and do another PR/push that way only the known edits for this issue are added.

I will get this done later today.

@Garbee
Collaborator

Checking the history, this was committed already back in February of 2011! On the 18th to be exact.

@Garbee Garbee closed this
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Feb 18, 2011
  1. @ehynds

    Updating eval()'s description

    ehynds authored
  2. @ehynds

    updating verbiage

    ehynds authored
This page is out of date. Refresh to see the latest.
Showing with 19 additions and 0 deletions.
  1. +19 −0 index.html
View
19 index.html
@@ -1,3 +1,4 @@
+
<!DOCTYPE html>
<!--[if lt IE 9 ]><html lang="en" class="no-js shitty"><![endif]-->
@@ -741,6 +742,24 @@ <h1 id="intervention"><b>W3Schools</b> An Intervention</h1>
<code><a href="https://developer.mozilla.org/en/JavaScript/Reference/Global_Objects/eval" rel="external">eval</a>()</code>
certainly does not parse a string to determine whether or not it's JavaScript.
</p>
+ <p>
+ W3Schools recently updated their description, but it is still wrong.
+ </p>
+ <blockquote>
+ If the argument is an expression, eval() evaluates the expression. If the argument is one or more JavaScript statements, eval()
+ executes the statements.
+ </blockquote>
+ <p>
+ You do not pass an expression or a JavaScript statement to <code>eval()</code>, but rather a string, which typically
+ represents an expression or statement. The expression/statement represented by the string is executed.
+ </p>
+ <p>
+ If fact, if you do not pass a string to <code>eval()</code>, the argument is returned unchanged.
+ </p>
+ <p>
+ Worst of all, W3Schools irresponsibility fails to educate users on why <code>eval()</code> is a <a href="https://developer.mozilla.org/en/JavaScript/Reference/Global_Objects/eval#section_5">dangerous function to use</a>
+ and is inappropriate for most use cases. Nor is there any mention of safer alternatives.
+ </p>
</li>
<li id="js_statements">
Something went wrong with that request. Please try again.